PHP - Help With Session Variable

Question about variable variables and using session variables for them. O.K. So if I have:

$foo = 3;
$_SESSION['bar'] = "foo";

$$_SESSION['bar']  should equal the value of $foo, however I can't get it to work. Can someone tell me what I am doing wrong..... is it formatting???

Thanks,
Thomas

Hi all - hoping somebody can see this clearer than me...

Goal: to create a very simple shopping cart page that receives $_POST  info and stores it as an array in a session variable so items will be displayed in cart on clients return to shopping cart page.

Problem: I can get the array to display the first item that I add to the shopping cart but each susequest item just overwrites the first because it is using the same session variable name.  How do I store the next product info in a DIFFERENT session variable and display it on the shopping cart page without writing over the first?

I have two pages with products on them which need to submit orders to the shopping cart page.  They use a simple form with these fields:

<form method="post" action="cartaction.php">
               <p>
                  <input type="submit" name="submit" value="Buy" />
                  <input type="hidden" name="cartaction" value="add" />
                  <input type="hidden" name="item" value="coppercasserole" />
               </p>
            </form>


This is what I have so far on the cartaction page which can display the first product added to the cart:

<?php
//If form is submitted, call the function and save all data into the array $_SESSION['form']
if($_POST['submit'] == "Buy"){ setSessionVars(); }
 
function setSessionVars() {
      
   if ( !isset($_SESSION['cart']) ) $_SESSION['cart'] = array();
     
    $item = array();
foreach($_POST as $fieldname => $fieldvalue) {
        $item[$fieldname] = $fieldvalue;
     
        } 
$_SESSION['cart'] = $item;
         
          echo "<table> <tr> <td>" .'<img src="images/'.$item['item'].'.jpg"' . "<td/> <td>"
          . $item['item'] . "</td> <td>" . '<input type="text(30)" name="value" value="1" />
                  <input type="submit" name="puchasednum" value="Update This One Item" />' . "</td> </tr> </table>";   
}
?>



I am new to PHP and have hit a brick wall as to how to display each product array as a new session variable in the shopping cart.  I would like to keep it as simple as possible as I am getting easily confused!  Is there a way that I can increment the session variable with something like this:

<?php //session counter
   $counter = count($_SESSION['cart']);
if (($_POST['name'] !="")){
    $counter = $counter + 1;
    $_SESSION['cart'][$counter] = array();
} ?>


Or can I pass a field as a product ID and use this somehow to create a new session variable for each product or clear the post variables somehow?

Any help would be much appreciated?

Thanks

Hi Guys,        Here is the code, once logged in using known credentials it should display the content "welcome..." but it doesn't, instead it is showing "you are not authorized..." as if the session['username']); isn't being taken? 

<?php 	
ini_set('display_errors',1); 
 error_reporting(E_ALL);
		

		

include_once 'includes/db_connect.php';
include_once 'includes/functions.php';
 
sec_session_start();
?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <title>Secure Login: Protected Page</title>
        <link rel="stylesheet" href="styles/main.css" />
    </head>
    <body>
        <?php if (login_check($mysqli) == true) : ?>
            <p>Welcome <?php echo htmlentities($_SESSION['username']); ?>!</p>
            <p>
                This is an example protected page.  To access this page, users
                must be logged in.  At some stage, we'll also check the role of
                the user, so pages will be able to determine the type of user
                authorised to access the page.
            </p>
            <p>Return to <a href="index.php">login page</a></p>
        <?php else : ?>
            <p>
                <span class="error">You are not authorized to access this page.</span> Please <a href="index.php">login or register</a>.
            </p>
        <?php endif; ?>
        
    </body>
</html>

I am using WAMP and have made sure the username and password is in the database correctly, how do i debug this?    the error reporting has been switched on but it doesn't help me    is the problem with: 

 <?php if (login_check($mysqli) == true) : ?>

I am trying to follow this guide: http://www.wikihow.c...n-PHP-and-MySQL   Please could i get some help on how to make the login "detect" the username from my MySQL database and display the username   Thanks   Attached Files  login_success.php.jpg   14.31KB   0 downloads

The $_SESSION['record_to_chage'] variable is set- I know this as I can echo it out.

$openedfile = file("myfile.txt");
sort($openedfile);
//
foreach($openedfile as $key => $newpick)
{
echo "<a href=\"/editpage.php?request=$_SESSION['record_to_chgange']&newcat=$newpick\" target=\"_parent\">$newpick</a>";
echo "<br>";
}

The Resulting error:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in

For the life of me I can not figure where I am going wrong. 

Going to get coffee and some fresh eyes.

Cheers

I have a session variable called $_SESSION['patchurl'] in a php file , if i get in to an else statement this session variable gets set and i go to http://yyy page.

below is the snippet of the code

<?php
session_start();
?>
<?php
echo '<script type="text/javascript">' . "\n";
if(isset($_SESSION["Email"])){
echo 'window.location="http://www.xxx";';
}
else{
$_SESSION['patchurl'] = "true";
echo 'window.location="http://yyy";';
}
echo '</script>';?>

once the patchurl session variable is set i call a php file which sets an other session variable called $_SESSION["Email"]. now what happens is the $_SESSION['patchurl'] is gone and ONLY the $_SESSION["Email"] is accessible ...can i not set two session variables? why does creating a new session varible overwrites an other one even though they are called different ? am i doing something wrong ?
Edited by Ch0cu3r, 08 September 2014 - 01:05 PM.

I am trying to define a session variable where I can save it and use it as the user surfs the site.

I need the variable saved as $amano so I can use it in my select from/where statement and to echo within a table.

This is a test trying to capture and define the variable and works, but I can't get the variable $amano into the session. If I am then I don't know how to display it.


<?php>
session_start(); 
$id = $_POST['amano'];
$_SESSION['amano'] = '$amano';     
             
echo "Pageviews = ". $_SESSION['amano'];  // My effort to see what is happening.
echo "<br />";
echo "AMA # = ". $_POST['amano']; // I have it just like I want it here.
echo "<br />";
echo "Sessions AMA # = ".$_SESSION['amano']; 
?>

hi there,
i'm trying to put a message in the footer of a page which welcomes a person who is logged in with his/her name, using sessions of course; when i place this:
Code: [Select]
$username = $_SESSION['valid_user'];
in the footer before the echo:
Code: [Select]
echo "You are logged in as $username";
but the session is also needed before the footer to use the username for other things , such as -checking his credit- so if place in footer the footer shows name in browser but checking credit would not happen as the assignment is at the buttom.

IF i place the assignment above at the top of the file:

everything works for the user and checking credit ..etc...but the footer is not there...

cud not put this any clearer..sorry...hope if someone cud help...thanks

Currently I am adding the concept of "entitlements" to my website.

In the past, my "article.php" script would simply look to the URL for which article was being requested and then load it.  However now that I am also adding the concept of "premium content" for "paid members", I need a way to control who sees what.

What I am wondering is - from a security standpoint - how much information I should load into the $_SESSION variable.

For instance, right now when a user logs in, I think I just store the "memberID" and "FirstName" and possibly "Username".

It would be more efficient when a Member logs in to also retrieve their "Membership Plan" and store that in the $_SESSION variable, so that as they browse my website, each page can simply grab $_SESSION['MembershipPlan'] and run that through a function that I need to build and then determine if the user gets to access said page.

However, maybe it would be more secure to have it so when a user lands on page XYZ, I would look at their "memberID" and query the database to get their "MembershipPlan"?

Any thoughts on each approach?

Again, my main concern is *security*, but I also suppose this plays into "performance".

 

 

page.php
<a href="cart.php?action=add&id=38">

cart.php

session_start();
$cart = $_SESSION['cart'];

$action = $_GET['action'];

switch ($action) {
   case 'add':
if ($cart)
   $cart =$cart. ','.$_GET['id'];
   else
      $cart = $_GET['id'];
}


$_SESSION['cart'] = $cart;
echo $cart;
output:
 Insted of one time it adds the id two times.

It prints : 38,38.
can pls suggest me what's problem in the code. Thank's in advance.

The first page is used to submit data to second page (and also show errors if there are any with the data submitted). The second page should be retrieving the posted data and assigning that data to session should it need to refresh back to the first page to show errors. The session data is used to repopulate the form. Right now I'm typing test into the review_name variable and when the page redirects back to the form to display the error messages, that field is not populated with "test".

Code: [Select]
$product_id=$_GET['product'];
session_start();
$error=$_SESSION['error'];
$content.='<div class="product_information_text review_form">
<div class="review_header">Write a Review for '.$product_name.'</div>
<form action="./review_process.php?product='.$product_id.'&p=php" method="POST">
<p class="form_item"><label>Name:</label> <input type="text" name="review_name" size="30"';
if(isset($_SESSION['review_name'])){$content.=' value="'.$_SESSION['review_name'].'"';}
$content.=' />';
if($error[0]=="1"){$content.=' <span class="red">This field is required.</span>';}
$content.='
</p>
<p class="form_item"><label>E-Mail:</label> <input type="text" name="review_email" size="30"';
if(isset($_SESSION['review_email'])){$content.=' value="'.$_SESSION['review_email'].'"';}
$content.=' />';
if($error[2]=="1"){$content.=' <span class="red">This field is required.</span>';}
$content.='
</p>
<p class="form_item"><label>Location:</label> <input type="text" name="review_location" size="30"';
if(isset($_SESSION['review_location'])){$content.=' value="'.$_SESSION['review_location'].'"';}
$content.=' />';
if($error[3]=="1"){$content.=' <span class="red">This field is required.</span>';}
$content.='
</p>
<p class="form_item"><label>Describe Yourself:</label> <input type="text" name="review_describe" size="30"';
if(isset($_SESSION['review_describe'])){$content.=' value="'.$_SESSION['review_describe'].'"';}
$content.=' />';
if($error[4]=="1"){$content.=' <span class="red">This field is required.</span>';}
$content.='
</p>
<p class="form_item"><label>Review Title:</label> <input type="text" name="review_title" size="30"';
if(isset($_SESSION['review_title'])){$content.=' value="'.$_SESSION['review_title'].'"';}
$content.=' />';
if($error[1]=="1"){$content.=' <span class="red">This field is required.</span>';}
$content.='
</p>
<p class="form_item"><label>Best Use of Product:</label> <input type="text" name="review_best_use" size="30"';
if(isset($_SESSION['review_best_use'])){$content.=' value="'.$_SESSION['review_best_use'].'"';}
$content.=' />';
if($error[5]=="1"){$content.=' <span class="red">This field is required.</span>';}
$content.='
</p>
<p class="form_item"><label>Product Pros:</label> <input type="text" name="review_pros" size="30"';
if(isset($_SESSION['review_pros'])){$content.=' value="'.$_SESSION['review_pros'].'"';}
$content.=' />';
if($error[6]=="1"){$content.=' <span class="red">This field is required.</span>';}
$content.='
</p>
<p class="form_item"><label>Product Cons:</label> <input type="text" name="review_cons" size="30"';
if(isset($_SESSION['review_cons'])){$content.=' value="'.$_SESSION['review_cons'].'"';}
$content.=' />';
if($error[7]=="1"){$content.=' <span class="red">This field is required.</span>';}
$content.='
</p>
<p class="form_item"><label>Product Rating:</label><br />
<div class="rating_radio"><input type="radio" name="review_product_rating" value="1"';
if(isset($_SESSION['review_product_rating']) && $_SESSION['review_product_rating']=="1"){$content.='checked';}
$content.=' /> <br />1</div>
<div class="rating_radio"><input type="radio" name="review_product_rating" value="2"';
if(isset($_SESSION['review_product_rating']) && $_SESSION['review_product_rating']=="2"){$content.='checked';}
$content.=' /> <br />2</div>
<div class="rating_radio"><input type="radio" name="review_product_rating" value="3"';
if(isset($_SESSION['review_product_rating']) && $_SESSION['review_product_rating']=="3" || !isset($_SESSION['review_product_rating'])){$content.='checked';}
$content.=' /> <br />3</div>
<div class="rating_radio"><input type="radio" name="review_product_rating" value="4"';
if(isset($_SESSION['review_product_rating']) && $_SESSION['review_product_rating']=="4"){$content.='checked';}
$content.=' /> <br />4</div>
<div class="rating_radio"><input type="radio" name="review_product_rating" value="5"';
if(isset($_SESSION['review_product_rating']) && $_SESSION['review_product_rating']=="5"){$content.='checked';}
$content.=' /> <br />5</div>
<div class="worst">(Worst)</div><div class="best">(Best)</div>
</p>
<p>&nbsp;</p>
<p class="form_item"><label>Comments on Product:';
if($error[7]=="1"){$content.=' <span class="red">This field is required.</span>';}
$content.='
</label><br />
<textarea name="review_text" rows="10" cols="60">';
if(isset($_SESSION['review_text'])){$content.=$_SESSION['review_text'];}
$content.='</textarea>
</p>
<p><input type="submit" value="Submit" name="Submit" /></p>
</form>
</div>
';
session_unset();
session_destroy();

Code: [Select]
session_start();

$product_id=$_GET['product'];

$review_name=$_POST['review_name'];
$_SESSION['review_name']==$review_name;
$review_name = stripslashes($review_name);
$review_name = mysql_real_escape_string($review_name);
if($review_name==""){
$error0=1;
}
else{
$error0=0;
}

$review_title=$_POST['review_title'];
$_SESSION['review_title']==$review_title;
$review_title = stripslashes($review_title);
$review_title = mysql_real_escape_string($review_title);
if($review_title==""){
$error1=1;
}
else{
$error1=0;
}

$review_email=$_POST['review_email'];
$_SESSION['review_email']==$review_email;
$review_email = stripslashes($review_email);
$review_email = mysql_real_escape_string($review_email);
if($review_email==""){
$error2=1;
}
else{
$error2=0;
}

$review_location=$_POST['review_location'];
$_SESSION['review_location']==$review_location;
$review_location = stripslashes($review_location);
$review_location = mysql_real_escape_string($review_location);
if($review_location==""){
$error3=1;
}
else{
$error3=0;
}

$review_describe=$_POST['review_describe'];
$_SESSION['review_describe']==$review_describe;
$review_describe = stripslashes($review_describe);
$review_describe = mysql_real_escape_string($review_describe);
if($review_describe==""){
$error4=1;
}
else{
$error4=0;
}

$review_best_use=$_POST['review_best_use'];
$_SESSION['review_best_use']==$review_best_use;
$review_best_use = stripslashes($review_best_use);
$review_best_use = mysql_real_escape_string($review_best_use);
if($review_best_use==""){
$error5=1;
}
else{
$error5=0;
}

$review_pros=$_POST['review_pros'];
$_SESSION['review_pros']==$review_pros;
$review_pros = stripslashes($review_pros);
$review_pros = mysql_real_escape_string($review_pros);
if($review_pros==""){
$error6=1;
}
else{
$error6=0;
}

$review_cons=$_POST['review_cons'];
$_SESSION['review_cons']==$review_cons;
$review_cons = stripslashes($review_cons);
$review_cons = mysql_real_escape_string($review_cons);
if($review_cons==""){
$error7=1;
}
else{
$error7=0;
}

$review_product_rating=$_POST['review_product_rating'];
$_SESSION['review_product_rating']=$review_product_rating;
$review_product_rating = stripslashes($review_product_rating);
$review_product_rating = mysql_real_escape_string($review_product_rating);

$review_text=$_POST['review_text'];
$_SESSION['review_text']==$review_text;
$review_text = stripslashes($review_text);
$review_text = mysql_real_escape_string($review_text);
if($review_text==""){
$error8=1;
}
else{
$error8=0;
}

$review_show="n";

date_default_timezone_set('US/Eastern');
$review_date = date("F j, Y, g:i a T");

$error="".$error0."".$error1."".$error2."".$error3."".$error4."".$error5."".$error6."".$error7."".$error8."";


if($_GET['p']=="php"){
if($error!=="000000000"){
$_SESSION['error']=$error;
//header("Location: ./store.php?product=".$product_id."&write=review");
echo $_SESSION['review_name'];
}
else{
$sql="INSERT INTO $tbl_name3 (product_id, review_show, review_title, review_email, review_name, review_location, review_date, review_describe, review_best_use, review_pros, review_cons, review_product_rating, review_text) VALUES ('$product_id', '$review_show', '$review_title', '$review_email', '$review_name', '$review_location', '$review_date', '$review_describe', '$review_best_use', '$review_pros', '$review_cons', '$review_product_rating', '$review_text')";
mysql_query($sql);
header("Location: ./store.php?product=".$product_id."&reviews=thankyou");
}
}
On this second page echo $_SESSION['review_name']; returns nothing, when changed to $_SESSION['review_product_rating']; it returns the rating I selected in the form. I'm probably missing something obvious here.

Is it good practice to put an oop object in session variable

I have a form where users enter name, username, password etc. The values are posted to a MySQL table where I also have a field called 'ID' that auto increments. I want to store that ID in a SESSION variable that I can carry over to other pages. Need help in doing this please.

Hey guys, please tell me why the session var $_SESSION['return_url'] is not carrying from test.php to login.php

The two echos in this file work perfectly, so i know the session var is registered...
test.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    <title>SWG:ANH &bull; Bringing PreCU back to life...</title>

    <link rel="shortcut icon" href="favicon.ico" />
    <link rel="stylesheet" type="text/css" media="screen" href="theme/main.css" />

<?php

session_start();
// This section will generate a var containing the current page URL. This will be used to allow the language script to redirect users back to the page they
// were on, in the language they selected. It is registered as a session variuable that will change every time the page changes.
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
// Here we register the URL we grabbed earlier in the session var.
$return_url = curPageURL();
$_SESSION['return_url'] = $return_url;

echo $_SESSION['return_url'];
echo $return_url;
include 'lang/enus.php';
include 'menu.php';
?>

login.php
<?php
session_start();
echo $_SESSION['return_url'] ;
include 'dbconnect.php';
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$return_url = $_SESSION['return_url'];
echo $return_url;
$result = mysql_query("SELECT COUNT(*) FROM account WHERE Username='$username' and Pass='$password'") or die(mysql_error());
$result = mysql_fetch_row($result); 
$result = $result[0];


if($result == 1){
$_SESSION['username'] = $username;

header("Location:".$return_url);
}
else {
echo "Wrong Username or Password. Use the back button. If you think this message is incorrect, contact the webmaster.";
}
?>

I know its not carrying because the echo in login.php is not returning anything and the script cant execute the header function because it has nowhere to go! Ive narrowed it down to the session var not carrying.

Hello

i have problem in set session variables in .htaccess file.

i have tried some codes which are belows but i did not effect in php info file.

<IfModule mod_php5.c>
  php_value session.gc_maxlifetime 86400
  php_value session.cache_expire 86400
</IfModule>

please let me know if any one have solutions fot this

Hey guys, been awhile since I have been here, but I hit a little issue in reading session data reliably every time.

What I am doing is reading the variables and values from a rarurlencoded string.
Then putting that into a session array to populate parts of a form and fill in some hidden fields.
After the form posts every now and then, about 1 in 50 or so attempts, I have one (always the same one) that just vanishes.

Anyone ever experience anything like this?